The latest fake security program from the Smitfraud crooks takes no shame and rips off good old Mr Clean, the household cleaner. Mr Antispy may look like Mr Clean, but the only thing that this rogue program will clean out is your wallet.

MrAntispy is from the old fast web search (CWS) affiliated in this one with the Spywareno rogues. Smitfraud began from the John Miller Liber Inc/Cactus vxgame/ Darkgt IframeDollars malware groups who were/are affiliates of the Spywareno-spysheriff group.
_________________
Watcher of the Stories:
http://www.webhelper4u.com/thewatcher.html
Member of ASAP Since 2004

curepcsolutions.com is a different animal from a new source and breakspyware.com is from the Klikrevenue group, whereas mr antispy is from the spywareno rogues family.
_________________
Watcher of the Stories:
http://www.webhelper4u.com/thewatcher.html
Member of ASAP Since 2004

For contra-virus.com, you will notice the email in the whois record:
anth.hong @ gmail.com. The use of a first name (DOT) second name @ gmail.com is consistent with some of the Spyaxe rogues family of sites.

This also leads to the payment center of eshop5.com which leads to paymenter.com with many sites I already list which I have found to be a part of the ibill, oxbill, gspay limited group.
_________________
Watcher of the Stories:
http://www.webhelper4u.com/thewatcher.html
Member of ASAP Since 2004

Ok, found the actual site the credit card transactions are transmitted to:
% Information from TLD .lv whois service.
% Please visit http://www.nic.lv/DNS/ for more information.

So eshop5.com group uses a bank in Latvia to handle credit card transactions for their rogues.

As to the ContraVirus Anti Spyware. I just ran some testing and I think we need to take a closer look at this one as it is not only new, it also does not run nag screens and after running it on some of my file collections I have seen no FP. Also, it allows you to run an update, view logs, etc. Only when clicking to clean it takes you to eshop5.com which is under the control of GSPay.

I think we need to run tests and also take a look at adaware as this log seems very close to what theirs used to be.

So until we can test and have Eric H take a look, I don't think we can classify this one as a Rogue.
_________________
Watcher of the Stories:
http://www.webhelper4u.com/thewatcher.html
Member of ASAP Since 2004

"Rogue/Suspect" means that these products are of unknown, questionable, or dubious value as anti-spyware protection.

IMO, this one is "suspect" by association because:

It is registered through Estdomains and hosted at InterCage. That alone makes it suspect in my mind. Also, who in their right mind would trust that group with their credit card info?
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

We should still run a few infestations and their app and look at the logs. This software is totally different than the normal rogues and I think we need to look at adaware scans as this new software logs seem too close as copies of what an adaware log shows.

They have other features not found in the fly by night rogues, so whoever the programmer is, is not one with the other rogues. For them to catch every vxgame and other pets I keep tells me they are not just scanning cookies as the rest.

Now in the same IP is the foxp2p.com. I installed it and it has the same GUI interface as that of limewire and uses the same network. I think we need to watch them but need more complete testing of the antispyware apps from each of the sites with different types of infestations and see what the results are. Also, I had not found any nag screens, only the opening to the site to buy when clicking the clean button.

Let's put them on a list for further research and even maybe some email to them asking questions about the apps to see what comes back. Until then I cannot myself call them a rogue and put them into my sites list until I have further evidence that they are not on the up and up.

On the side of common characteristics I find the following that does set off red flags:

1. They are registered thru esthost/estdomains. 5 points against them.

2. The whois email anth.hong @ gmail.com. The ones I find using two names separated with a DOT and using gmail have been the spyaxe family of rogues.

3. The dns servers for their 4 sites are xname.org and mydomain.com.
Also they list their location as Thailand (TH) and the phone number country code of +66 is Thailand. This is different than most I have found so far.

With number 1 and 2 I will keep an open mind but I think we still need some further tests with the software. Keep them for now as suspect.
_________________
Watcher of the Stories:
http://www.webhelper4u.com/thewatcher.html
Member of ASAP Since 2004
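
The WHOIS checks listed in the post above (registrar, two-name Gmail contact, DNS provider), written out as an added example that is not part of the thread. The field names, flag labels and sample record are constructed assumptions; real WHOIS output varies by registry.

```python
import re

# Indicators named in the post; the flag labels are this example's own wording.
SUSPECT_REGISTRARS = ("estdomains", "esthost")
WATCHED_DNS = ("xname.org", "mydomain.com")
TWO_NAME_GMAIL = re.compile(r"^[a-z]+\.[a-z]+@gmail\.com$", re.I)

# Constructed record (hypothetical domain and contact), not real WHOIS data.
SAMPLE = """\
% constructed record for illustration
Domain Name: rogue-example.test
Registrar: ESTDOMAINS
Registrant Email: first.last @ gmail.com
Registrant Country: TH
Name Server: ns0.xname.org
Name Server: ns1.mydomain.com
"""

def parse_whois(text):
    """Collect 'Key: value' pairs; keys such as Name Server repeat, so keep lists."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("%") or ":" not in line:
            continue  # skip blanks and registry comment lines
        key, value = line.split(":", 1)
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def red_flags(record):
    """Return the indicators from the post that this record matches."""
    flags = []
    registrar = " ".join(record.get("registrar", [])).lower()
    if any(name in registrar for name in SUSPECT_REGISTRARS):
        flags.append("registrar")
    # Records often obfuscate addresses as 'name @ host'; strip the spaces first.
    emails = [e.replace(" ", "") for e in record.get("registrant email", [])]
    if any(TWO_NAME_GMAIL.match(e) for e in emails):
        flags.append("two-name gmail contact")
    servers = [s.lower() for s in record.get("name server", [])]
    if any(s == d or s.endswith("." + d) for s in servers for d in WATCHED_DNS):
        flags.append("dns provider")
    return flags

if __name__ == "__main__":
    print(red_flags(parse_whois(SAMPLE)))
```

A match on these indicators is a reason to queue a site for testing, as the post says, not a classification by itself.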